"Steven M. Christey" wrote: > David Wheeler said: > > >The problem is that developers don't grok _ANY_ of the books. > > I wonder if some of this has to do with how the books are laid out. I doubt thatīs the main reason. I deal with leading programmers, and it seems to me that they are very well trained to always think about performance in terms of memory and CPU usage. They rarely never are trained to think about security from line one. When pressing them to do so, this is considered to be a burden. Almost like when the teacher forced you to make your first flowchart instead of just launching the it all in the code editor. When asking why I seem to get three answers: (1) Many programmers see security as something extremly difficult. This leads them to give up before they even started. (2) "It wonīt happen to my application anyway" (3) This is a job for the network and technet-guys to do. The common ground is that this is not part of what they think is an important part of an application. It doesnīt seem to be part of their professional pride in the same way as saving memory and CPU power is. This in turn seems logical if you look at the world ten years back: no networks, expensive memory and slow CPU:s. So what we need is a wake up call, with lots of missionary work. The main thing I would say is that all the people devoted to this list should also be active in other forums for programmers. The programmers want come here fast enought, so we should come to them. /Stefan
This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 09:57:12 PST